Describe the bug
Emulator always revokes tokens that are older than one week
To Reproduce
When using firebase emulator, after a week of authentication, token passes the expired token check but never pass the token revoked check
Facing this issue for few month now for a project i'm working on. Had to debug through the firebase tools as follows:
in node_modules/firebase-admin/lib/base-auth.js
in the verifyDecodedJWTNotRevokedOrDisabled function:
Emulator will always throw token revoked error if the login is over a week even though the token has been refreshed
const authTimeUtc = decodedIdToken.auth_time * 1000;
// Get user tokens valid after time in milliseconds UTC.
const validSinceUtc = new Date(user.tokensValidAfterTime).getTime();
// Check if authentication time is older than valid since time.
if (authTimeUtc < validSinceUtc) {
throw new error_1.FirebaseAuthError(revocationErrorInfo);
}
As of now, the decodedidToekn resolved to the following PST time:
authTimeUtc: 1704074185000
which resolves to: Sunday, December 31, 2023 5:56:25 PM
validSinceUtc: new Date(user.tokensValidAfterTime).getTime()
1711179389000
which resolves to: Saturday, March 23, 2024 12:36:29 AM
Which always results true on the following if statement
if (authTimeUtc < validSinceUtc) {
throw new error_1.FirebaseAuthError(revocationErrorInfo);
}
Describe the bug Emulator always revokes tokens that are older than one week
To Reproduce When using firebase emulator, after a week of authentication, token passes the expired token check but never pass the token revoked check
Facing this issue for few month now for a project i'm working on. Had to debug through the firebase tools as follows: in node_modules/firebase-admin/lib/base-auth.js in the verifyDecodedJWTNotRevokedOrDisabled function:
Emulator will always throw token revoked error if the login is over a week even though the token has been refreshed
const authTimeUtc = decodedIdToken.auth_time * 1000; // Get user tokens valid after time in milliseconds UTC. const validSinceUtc = new Date(user.tokensValidAfterTime).getTime(); // Check if authentication time is older than valid since time. if (authTimeUtc < validSinceUtc) { throw new error_1.FirebaseAuthError(revocationErrorInfo); }
node_modules/firebase-admin/lib/base-auth.js: Screenshots![image](https://github.com/firebase/firebase-tools-ui/assets/46498460/1b98bc86-eda9-4acf-bccc-c66ac5a35969)
As of now, the decodedidToekn resolved to the following PST time:
Which always results true on the following if statement